Bugtraq mailing list archives
VariCAD 7.0 premission vulnerability
From: Narrow <nss () PRIVACYX COM>
Date: Thu, 10 Aug 2000 19:53:25 +0300
_________________________________________________________________________________ Content-Type: premission/vulnerability Date : 10/08/2000 18:34 Sender : Narrow <nss () privacyx com> Subject : VariCAD 7.0 premission vulnerability X-System : Red Hat 6.0 X-Status : Narrow-ADV-#07 _________________________________________________________________________________ DESCRIPTION VariCAD is a CAD for mechanical engineering for both 2D and 3D. VariCAD 7.0 is shipped with Red Hat linux 6.0 Application CD. PROBLEM Several binary files and two directorys are world writeable. Anyone could replace them with a trojan and wait until someone executes the trojaned binary files. The binary files: /usr/bin/xvcad/dxfin /usr/bin/xvcad/igesin /usr/bin/xvcad/var_rm The directorys: /usr/bin/xvcad/glib/* /usr/lib/xvcad/* SOLUTION Change the premission of the files and directorys to 755. -- Narrow - nss () privacyx com - http://www.zone.ee/unix/ bash# ./win.com Segmental fault
Current thread:
- VariCAD 7.0 premission vulnerability Narrow (Aug 11)